iraniangoals.com JavaScript reverse engineering by Ciro Santilli 34 Updated 2024-10-28 Created 1970-01-01
Some reverse engineering was done at: twitter.com/hackerfantastic/status/1575505438111571969?lang=en.
Notably, the password is hardcoded and its hash is stored in the JavaScript itself. The result is then submitted back via a POST request to
/cgi-bin/goal.cgi
.TODO: how is the SHA calculated? Appears to be manual.